Jason PowerPoint Presentation

Presentation Transcript

  1. Jason Javacards as secure objects network by Richard Brinkman

  2. Compare to other chip cards:
     • Memory cards
     • Smart cards
     Characteristics:
     • Tamper proof
     • 5 MHz processor
     • 16 kB memory
     • Multi-application
     • Object Oriented

  3. [Diagram: Applet, Applet, Applet; Loader; Libraries; Javacard Virtual machine; Card Hardware]

  4. [Diagram: .java files → javac compiler → .class files → converter → .cap file → scriptgen → .scr file → apdutool → smart card]

  5. [Diagram: Internet]

  6. Requirements:
     • Simple to use
     • Separation of concerns
     • Lightweight
     • Authenticity
     • Confidentiality
     • Role-based access control

  7. Implementation

         public class PurseImpl implements Purse {
             // Balance held on the card.
             private short balance;

             public PurseImpl() {
                 balance = 0;
             }

             public short getBalance() {
                 return balance;
             }

             public void decreaseBalance(short amount) {
                 balance -= amount;
             }

             public void increaseBalance(short amount) {
                 balance += amount;
             }
         }

  8. Java Interface File

         public interface Purse {
             public short getBalance();
             public void decreaseBalance(short amount);
             public void increaseBalance(short amount);
         }

  9. Jason Definition File

         public interface Purse {
             roles MERCHANT, BANK, OWNER;

             accessible to OWNER, BANK
             public short getBalance();

             accessible to MERCHANT
             public void decreaseBalance(authentic short amount);

             accessible to BANK
             public void increaseBalance(confidential authentic short amount);
         }

  10. Client application

          public class Client {
              public static void main(String[] args) {
                  KeyStore keyStore = ...
                  Ans ans = new Ans(keyStore);
                  // Obtain a stub for the Purse applet, logged in as BANK.
                  Purse purse = (Purse) ans.getApplet("example.purse.Purse",
                                                      Purse.ROLE_BANK);
                  System.out.println("Balance: " + purse.getBalance());
                  purse.increaseBalance((short) 25);
                  System.out.println("Balance after increase: " + purse.getBalance());
                  purse.decreaseBalance((short) 10); //Illegal!!!
              }
          }

  11. [Diagram: Internet; Application; Applet's implementation; Key Store; Key Store; Stub; Skeleton]

  12. Log in
      • Select APDU
      • Select response
      • Client random + role
      • Card random + {Client random}Kcard^-1
      • {Card random}Krole^-1
      • {Session key}Krole

  13. Method Invocation
      • Header | Parameters | Freshness counter | Signature
      • SW | Return value | Freshness counter | Signature

  14. [Diagram rows: ACP1 CP1 PP1 CP2 AP1 ACP2 AP2 / PP1 CP1 CP2 ACP1 ACP2 AP1 AP2]

  15. [Diagram rows: ACP1 CP1 PP1 CP2 AP1 ACP2 AP2 / PP1 CP1 CP2 ACP1 ACP2 AP1 AP2 / CP1 CP2 ACP1 ACP2 Padding / PP1 Confidential]

  16. [Diagram rows: ACP1 CP1 PP1 CP2 AP1 ACP2 AP2 / PP1 CP1 CP2 ACP1 ACP2 AP1 AP2 / PP1 Confidential AP1 AP2]

  17. [Diagram rows: Header Parameters Counter / ACP1 CP1 PP1 CP2 AP1 ACP2 AP2 / PP1 CP1 CP2 ACP1 ACP2 AP1 AP2 / Header Counter ACP1 ACP2 AP1 AP2 / PP1 Confidential AP1 AP2 / Sign]

  18. Conclusion
      • Simple to use
      • Concentrate on functionality
      • Security has only to be verified once

  19. Questions?
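
The checks a card-side skeleton has to make before dispatching a call, combining the role table of slide 9 with the freshness counter and signature of slide 13, as an added example that is not code from the presentation or from Jason itself. The class `SkeletonCheck`, its `sign` and `check` helpers, the simplified message layout and the use of HMAC-SHA256 under the session key for the Signature field are all assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SkeletonCheck {
    enum Role { MERCHANT, BANK, OWNER }
    // Access table taken from the "accessible to" clauses of the Purse definition.
    static final Map<String, EnumSet<Role>> ACCESS = Map.of(
        "getBalance", EnumSet.of(Role.OWNER, Role.BANK),
        "decreaseBalance", EnumSet.of(Role.MERCHANT),
        "increaseBalance", EnumSet.of(Role.BANK));
    private final byte[] sessionKey;
    private final Role role;      // role fixed at log in
    private int lastCounter = 0;  // highest freshness counter accepted so far

    SkeletonCheck(byte[] sessionKey, Role role) { this.sessionKey = sessionKey; this.role = role; }
    // Assumption: the Signature field is HMAC-SHA256(session key, method || amount || counter).
    static byte[] sign(byte[] key, String method, short amount, int counter) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        mac.update(method.getBytes(StandardCharsets.UTF_8));
        return mac.doFinal(ByteBuffer.allocate(6).putShort(amount).putInt(counter).array());
    }

    String check(String method, short amount, int counter, byte[] sig) throws Exception {
        if (!MessageDigest.isEqual(sign(sessionKey, method, amount, counter), sig))
            return "REJECT: bad signature";            // constant-time comparison
        if (counter <= lastCounter) return "REJECT: stale freshness counter";
        lastCounter = counter;                         // authentic and fresh: consume the counter
        EnumSet<Role> allowed = ACCESS.get(method);
        if (allowed == null || !allowed.contains(role))
            return "REJECT: " + role + " may not call " + method;
        return "ACCEPT";
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-session-key".getBytes(StandardCharsets.UTF_8); // constructed sample
        SkeletonCheck card = new SkeletonCheck(key, Role.BANK);
        byte[] sig = sign(key, "increaseBalance", (short) 25, 1);
        System.out.println(card.check("increaseBalance", (short) 25, 1, sig)); // valid call
        System.out.println(card.check("increaseBalance", (short) 25, 1, sig)); // replayed message
        System.out.println(card.check("increaseBalance", (short) 99, 2, sig)); // amount altered
        System.out.println(card.check("decreaseBalance", (short) 10, 3,
            sign(key, "decreaseBalance", (short) 10, 3)));                     // wrong role
    }
}
```

The last call corresponds to the line marked illegal in the client application of slide 10: the message is authentic and fresh, but the BANK role is not in the access list of `decreaseBalance`.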